Problems with /etc/cron.d/certbot on Debian

Posted on May 6, 2020 at 11:04 pm

If you are using certbot (Let’s Encrypt) with Nginx on Debian Buster you may have encountered problems in auto-renewal of your certificates. This may be because the /etc/cron.d/certbot didn’t actually execute, ore information can be read here:

https://community.letsencrypt.org/t/cerbot-cron-job/23895/5

It looks like that if the directory /run/systemd/system/ exists it won’t execute the renew command, because you are running systemd. It won’t run the renew command because there is a systemd timer that was configured when you installed the certbot package.

The certbot timer should be located on /lib/systemd/system/certbot.timer and it will execute the command specified on /lib/systemd/system/certbot.service file. The certbot.timer will execute the certbot.service twice daily, precisely at 12 am and 12 pm.

This is the content of /lib/systemd/system/certbot.timer:

[Unit]
Description=Run certbot twice daily
 
[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true
 
[Install]
WantedBy=timers.target

And this is the content of /lib/systemd/system/certbot.service:

[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

Instead, you should use this script (works better):

Automatically Renew Let’s Encrypt Certificates (Nginx)

Receive updates via email

Other Posts

Updated Posts